Original: https://pensivepragmatism.substack.com/p/on-crypto-bridges
Author: Marco Manoppo
Moving crypto assets across a blockchain network is very difficult. As the cryptoasset and blockchain industry matures, the world will undoubtedly become multi-chain, with various blockchain networks optimized for specific needs and use cases. However, it also increases the risk that asset owners take when moving assets across different networks. In the past year alone, more than $1 billion has been stolen from various crypto bridges – most recently, we saw another $200 million stolen from a bridge called Nomad.
The hack was unique in that it did not require deep technical knowledge, making the event the first decentralized crowd heist in which virtually anyone with an understanding of how blockchain transactions work could participate in the attack. Just copy-paste the original attacker's transaction call data and voila!
At this point, it seems like almost all existing crypto bridges have been hacked in one way or another. Some survived thanks to bailouts, while others never really regained their former glory. I'm not going to pretend to be a mysterious super-programmer or a cybersecurity expert, and there are people smarter than me who can explain the technical intricacies of encrypted bridges - I'm just here to talk about how bridges work, why they matter , shortcomings, and offer my thoughts on future dynamics as cryptoassets mature. I'm just a researcher and strategist.
Here are the quick gist:
- The total TVL locked through crypto bridges exceeds $20 billion.
- In the past year, more than $1.8 billion was stolen on 5 crypto bridges.
- Vitalik's vision of a multi-chain future rather than a cross-chain future is likely to be correct.
- The crypto bridge bailout set a bad precedent for the industry.
- Institutional investors are likely to favor trusted over trustless crypto bridges.
How does the bridge work?
Literally, like the word itself, "bridging" crypto assets between multiple blockchain networks. This trend started in early 2020 when multiple L1 ecosystems were growing and vying for market share, inviting people to come to their turf and experiment with what they had to offer; although something like WBTC already existed.
These bridges typically work by pegging tokens in smart contracts to issue them on another chain, while ensuring users that their pegged tokens can always be redeemed one-for-one with the native asset. Let's look at a concrete example.
For WBTC, one of the most popular bridge assets, the nature of the bridge is centralized and custodial. Users deposit BTC from the Bitcoin blockchain and receive the ERC-20 token WBTC on the Ethereum blockchain. BitGo is the custodian of WBTC and requires a KYC process through BitGo to mint and redeem WBTC. Additionally, there is a group of partners that hold the multi-signature keys for all deposited and minted BTC. In this case, users can verify 1:1 support on-chain.
classification bridge
Generally speaking, bridges can be divided into trusted bridges and trustless bridges.
The former means that the bridge relies on a centralized entity to function, as shown in the WBTC example above. Users need to trust the security and integrity of these centralized custodians to ensure that their bridge assets have sufficient liquidity for users who want to redeem their native tokens. In this case, the risk is that the centralized entity becomes rogue and has incompetent security management.
The latter means that the bridge relies on smart contracts. Users need to trust the security of the underlying blockchain and the smart contracts written on it to enable the functionality of the bridge. In this case, the risk is poor code writing, social engineering, or new attack vectors that were previously overlooked.
Additionally, there is a trustless bridge that incorporates AMMs to essentially create a more seamless cross-chain swap experience. This model is generally more efficient than traditional bridge models. However, this is still a trustless model and has the same inherent smart contract risks described above.
The way it works is by creating a new ERC20 token contract on all desired target chains as the anchor token. When a user bridges their tokens from a source chain to any target chain, the original tokens are locked in Synapse's bridge smart contract. Then the Synapse protocol transmits a cross-chain message instructing the target chain to mint the target chain tokens. This newly minted token is distributed along with the gas airdrop to the wallet addresses of users on the target chain.
history of being attacked
To the bad guys, crypto bridges are like flowers to bees. These bridges will become increasingly profitable as the world becomes more multi-chain and the total market capitalization of cryptoassets (and DeFi TVL) increases. As of August 2, 2022, over $20 billion is locked across multiple bridges.
Would you trust your 20-30 year old founder and a team of 10 to stand up to state-level hackers? North Korea has been behind the latest high-profile operation.
School of Thought
Vitalik has argued that the future will be multi-chain, but not cross-chain. He basically argues that decentralized applications across different chains create complex interdependencies across multiple chains, so a 51% attack on just one chain could have severe contagion effects that threaten the entire economy ecosystem.
Not only security risks, token economics also need to decide how to deal with the existence of tokens in different chains. There will be a supply and demand issue to ensure that the original tokenomics framework is respected and that the inflation rate of the token is not materially affected by the cross-chain implementation. With stablecoins, this is handled in a completely different way.
big shot to the rescue
Ironically, the term "bailout" may be one of the most negative depictions in the mainstream media of Wall Street firms that screw things up and need some kind of savings from the government (or Warren Buffett). The term is synonymous with depravity and mismanagement on Wall Street. Once again, the crypto industry is repeating TradFi's mistakes with lightning speed.
- Wormhole $320M Hack - Jump Trading (Big Daddy)
- Ronin (Axie) $624M Hack - Binance, Animoca, a16z, Accel, Paradigm, Dialectic (Big Daddies)
- Harmony Bridge $100M Hack - Compensate Victims with ONE Tokens (Big Daddy = Community)
- Poly Network $611M Hack - Hackers Return Funds
Of the four scenarios above, the most positive outcome was for the Poly network, as the hackers eventually returned close to all of the funds originally stolen. But what are we doing here if we either need a bailout, rely on the good faith of the hackers, or go the law enforcement route to the authorities?
So, don't we better "bridge" assets through CEX or trusted bridge?
These entities will end up being more regulated, have auditable reserves and (hopefully) better service.
Of course, you can argue that CEXs and trusted bridges can block your access to their services at any time, especially if they are under more pressure from regulators. While this is 100% effective, trustless bridges may also be forced to do similar things, albeit on a much smaller scale, such as blocking IP addresses or flagging transactions from blacklisted wallets. At the end of the day, 99% of the consumers of these dApps don't really care when the crypto market size reaches 1 billion users. They just want to move their assets in the fastest, safest, and most trustworthy way possible.
When USDC/USDT finds a way to do cross-chain swaps and integrate fiat on/off in G-20 countries, it's pretty much over. Long live stablecoins!
reinvent the wheel
Cryptographic design in its current form is reinventing the wheel, not breaking it.
Our goal is to build a decentralized financial ecosystem, but when a breach occurs, we will likely need to rely on the authorities to get the funds back. If so, then why don't we just trust reputable CEXs? Yes, they may be slower to adopt new chains, but if the end result is the same, and as CEX is regulated, it is likely to be more secure, so doesn't that defeat the original purpose?
I predict that "real" institutions with trillions of dollars in capital will favor CEXs and trusted bridges over trustless bridges. So while there is a market for trustless bridges, the activity will be primarily driven by speculators willing to farm on the new L1 chain.
These dynamics, combined with Vitalik's vision for a multi-chain future, may suggest that we need to rethink the design, philosophy, and use cases of these bridges.
I once worked with a very smart engineer with decades of experience building software for financial infrastructure. He's a smart guy who's skeptical of cryptocurrencies, something the industry really needs more of; he once said that cryptocurrencies are really just exponentially repeating what TradFi did. It appears he was right again.